Re: CVS commit: src/sys

2020-05-10 Thread Christos Zoulas
In article <20200508220155.446eef...@cvs.netbsd.org>,
Andrew Doran  wrote:
>Module Name:   src
>Committed By:  ad
>Date:  Fri May  8 22:01:55 UTC 2020
>
>Modified Files:
>   src/sys/arch/x86/include: cpu_counter.h
>   src/sys/arch/x86/x86: cpu.c tsc.c
>   src/sys/dev/ic: hpet.c hpetvar.h
>
>Log Message:
>Fix the TSC timecounter (on the systems I have access to):
>
>- Make the early i8254-based calculation of frequency a bit more accurate.
>
>- Keep track of how far the HPET & TSC advance between HPET attach and
>  secondary CPU boot, and use to compute an accurate value before attaching
>  the timecounter.  Initial idea from joerg@.
>
>- When determining skew and drift between CPUs, make each measurement 1000
>  times and pick the lowest observed value.  Increase the error threshold to
>  1000 clock cycles.
>
>- Use the frequency computed on the boot CPU for secondary CPUs too.
>
>- Remove cpu_counter_serializing().

The TSC is still faster than it is supposed to be so ntpd does not sync
(it diverges). It is better than before but not good enough to keep time.

christos



Re: CVS commit: src

2020-05-10 Thread Yorick Hardy
Dear Martin,

On 2020-05-08, Martin Husemann wrote:
> On Thu, May 07, 2020 at 10:52:26PM +0200, Yorick Hardy wrote:
> > Thanks! It took a while for this to sink in ...
> > 
> > So I think the test should only be built if MKCOMPAT=yes ?
> > (It does fail to build for me, because I usually have MKCOMPAT=no).
> 
> Yes, either the Makefile needs a conditional, or the SUBDIR+= in the
> makefile above.
> 
> Martin

I think it may be better in the Makefile, since the test for amd64 already
happens there and because the libi386 directory could conceivably
also contain i386/non-amd64 tests.

I successfully completed a build with MKCOMPAT=no, using the patch below.
Is it okay to commit?

-- 
Kind regards,

Yorick Hardy


Index: distrib/sets/lists/debug/md.amd64
==
--- distrib/sets/lists/debug/md.amd64
+++ distrib/sets/lists/debug/md.amd64
@@ -23,9 +23,9 @@
 ./usr/libdata/debug/usr/tests/kernel/arch/x86/t_ptrace_wait3.debug 
tests-obsolete  obsolete
 ./usr/libdata/debug/usr/tests/kernel/arch/x86/t_ptrace_wait4.debug 
tests-obsolete  obsolete
 ./usr/libdata/debug/usr/tests/kernel/arch/x86/t_ptrace_wait6.debug 
tests-obsolete  obsolete
 ./usr/libdata/debug/usr/tests/kernel/arch/x86/t_ptrace_waitid.debug
tests-obsolete  obsolete
 ./usr/libdata/debug/usr/tests/kernel/arch/x86/t_ptrace_waitpid.debug   
tests-obsolete  obsolete
-./usr/libdata/debug/usr/tests/lib/libi386/t_user_ldt.debug tests-lib-debug 
debug,atf
+./usr/libdata/debug/usr/tests/lib/libi386/t_user_ldt.debug tests-lib-debug 
debug,atf,compat
 ./usr/libdata/debug/usr/tests/lib/libnvmm/h_io_assist.debugtests-lib-debug 
debug,atf
 ./usr/libdata/debug/usr/tests/lib/libnvmm/h_mem_assist.debug   tests-lib-debug 
debug,atf
 ./usr/libdata/debug/usr/tests/modules/t_x86_pte.debug  tests-sys-debug 
debug,atf
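Review bot: The changed t_user_ldt.debug entry is only exercised by a build that produces the debug sets, so the MKCOMPAT=no build mentioned with this patch needs to have had debug sets enabled for this line to be checked at all. Otherwise only the matching entry in distrib/sets/lists/tests/md.amd64 was verified. The two entries should keep the same compat marking so the debug and tests lists agree for either MKCOMPAT setting.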

Index: distrib/sets/lists/tests/md.amd64
==
--- distrib/sets/lists/tests/md.amd64
+++ distrib/sets/lists/tests/md.amd64
@@ -5,13 +5,13 @@
 ./usr/tests/kernel/arch/x86/t_ptrace_wait3 tests-obsolete  obsolete
 ./usr/tests/kernel/arch/x86/t_ptrace_wait4 tests-obsolete  obsolete
 ./usr/tests/kernel/arch/x86/t_ptrace_wait6 tests-obsolete  obsolete
 ./usr/tests/kernel/arch/x86/t_ptrace_waitidtests-obsolete  obsolete
 ./usr/tests/kernel/arch/x86/t_ptrace_waitpid   tests-obsolete  obsolete
-./usr/tests/lib/libi386/t_user_ldt tests-lib-tests 
compattestfile,atf
+./usr/tests/lib/libi386/t_user_ldt tests-lib-tests 
compattestfile,atf,compat
 ./usr/tests/lib/libnvmm/h_io_assisttests-lib-tests 
compattestfile,atf
 ./usr/tests/lib/libnvmm/t_io_assisttests-lib-tests 
compattestfile,atf
 ./usr/tests/lib/libnvmm/h_mem_assist   tests-lib-tests 
compattestfile,atf
 ./usr/tests/lib/libnvmm/t_mem_assist   tests-lib-tests 
compattestfile,atf
 ./usr/tests/modules/t_x86_pte  tests-sys-tests atf,kmod
 ./usr/tests/modules/x86_pte_tester tests-sys-tests atf,kmod
 ./usr/tests/modules/x86_pte_tester/x86_pte_tester.kmod tests-sys-tests atf,kmod

Index: tests/lib/libi386/Makefile
==
--- tests/lib/libi386/Makefile
+++ tests/lib/libi386/Makefile
@@ -2,14 +2,14 @@
 
 .include 
 
 TESTSDIR=  ${TESTSBASE}/lib/libi386
 
-.if ${MACHINE} == "amd64"
+.if ${MACHINE} == "amd64" && ${MKCOMPAT} == "yes"
 SHLIBINSTALLDIR=   /usr/lib/i386
 COPTS+=-m32
 LDFLAGS+=  -m32
 LDADD+=-li386
 TESTS_C+=  t_user_ldt
 .endif
 
 .include 
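Review bot: On the changed .if line, the exact comparison ${MKCOMPAT} == "yes" would read better as ${MKCOMPAT} != "no", the usual way MK* knobs are tested. The condition also depends on MKCOMPAT already being defined by the .include that precedes it. If that cannot be relied on here, ${MKCOMPAT:Uno} != "no" avoids a parse error on an undefined variable.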



Re: CVS commit: src/sys/uvm

2020-05-10 Thread Alexander Nasonov
Taylor R Campbell wrote:
> Log Message:
> Implement swap encryption.
> 
> Enabled by sysctl -w vm.swap_encrypt=1.

If secmodel_securelevel(9) is still a thing, locking down this sysctl
at high securelevel may improve our security. Prior to this change,
swap devices were readable (even if encrypted with cgd).  With this
sysctl set to 1, all new swap devices will be encrypted, the only
thing to worry about is if it's set back to 0 on a compromised host.

Not sure if this makes sense because all files on a compromised
host can be read and processes' memory can be probably dumped.

Alex


Re: CVS commit: src/sys/uvm

2020-05-10 Thread Alistair Crooks
On Sat, 9 May 2020 at 14:50, Taylor R Campbell  wrote:

> Module Name:src
> Committed By:   riastradh
> Date:   Sat May  9 21:50:39 UTC 2020
>
> Modified Files:
> src/sys/uvm: uvm_swap.c
>
> Log Message:
> Implement swap encryption.
>
> Enabled by sysctl -w vm.swap_encrypt=1.  Key is generated lazily when
> we first need to swap a page.  Key is chosen independently for each
> swap device.  The ith swap page is encrypted with AES256-CBC using
> AES256_k(le32enc(i) || 0^96) as the initialization vector.  Can be
> changed at any time; no need for compatibility with on-disk formats.
> Costs one bit of memory per page in each swapdev, plus a few hundred
> bytes per swapdev to store the expanded AES key.
>
> Shoulda done this decades ago!  Plan to enable this by default;
> performance impact is unlikely to matter because it only happens when
> you're already swapping anyway.  Much easier to set up than cgd, so
> we can rip out all the documentation about carefully setting up
> random-keyed cgd at the right time.

Thanks, this is great - looking forward to it being default!

Best,
Alistair
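
Added example, not part of the thread and not the uvm_swap.c code: the per-page IV construction from the log message, AES256_k(le32enc(i) || 0^96), followed by AES256-CBC over the page. The function names are made up for this sketch, the same per-device key k is assumed for the IV and the page, and the small pure-Python AES is there only so the example runs without a crypto library.

```python
# Added illustration, not NetBSD code; compact AES-256 only to stay self-contained.
import struct
def gmul(a, b):                       # multiply in GF(2^8), AES polynomial 0x11B
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a = (a << 1) ^ 0x11B if a & 0x80 else a << 1
        b >>= 1
    return r

def _sbox(a):                         # field inverse (a^254), then the affine map
    inv = 1
    for _ in range(254):
        inv = gmul(inv, a)
    rot = lambda n: ((inv << n) | (inv >> (8 - n))) & 0xFF
    return inv ^ rot(1) ^ rot(2) ^ rot(3) ^ rot(4) ^ 0x63
SBOX = [_sbox(a) for a in range(256)]

def expand_key(key):                  # 32-byte key k -> 15 round keys
    w = [list(key[i:i + 4]) for i in range(0, 32, 4)]
    for i in range(8, 60):
        t = w[i - 1]
        if i % 8 == 0:                # RotWord, SubWord, round constant
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= 1 << (i // 8 - 1)
        elif i % 8 == 4:
            t = [SBOX[b] for b in t]
        w.append([x ^ y for x, y in zip(w[i - 8], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(15)]

def encrypt_block(rk, block):         # AES-256 on one 16-byte block
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 15):
        s = [SBOX[b] for b in s]
        s = [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]
        if rnd < 14:                  # MixColumns, skipped in the last round
            s = [gmul(s[4 * c + r], 2) ^ gmul(s[4 * c + (r + 1) % 4], 3)
                 ^ s[4 * c + (r + 2) % 4] ^ s[4 * c + (r + 3) % 4]
                 for c in range(4) for r in range(4)]
        s = [b ^ k for b, k in zip(s, rk[rnd])]
    return bytes(s)

def swap_page_iv(rk, i):              # IV = AES256_k(le32enc(i) || 0^96)
    return encrypt_block(rk, struct.pack("<I", i) + bytes(12))

def encrypt_swap_page(rk, i, page):   # AES256-CBC over the page in swap slot i
    out = [swap_page_iv(rk, i)]
    for off in range(0, len(page), 16):
        out.append(encrypt_block(rk, bytes(p ^ v for p, v in zip(page[off:off + 16], out[-1]))))
    return b"".join(out[1:])
```

Identical page contents written to two different slots produce unrelated ciphertext, while the same contents rewritten to the same slot under the same key produce the same ciphertext, since the IV depends only on k and i.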


Re: CVS commit: src/sys/uvm

2020-05-10 Thread Taylor R Campbell
> Date: Sun, 10 May 2020 23:53:00 +0100
> From: Alexander Nasonov 
> 
> Taylor R Campbell wrote:
> > Log Message:
> > Implement swap encryption.
> > 
> > Enabled by sysctl -w vm.swap_encrypt=1.
> 
> If secmodel_securelevel(9) is still a thing, locking down this sysctl
> at high securelevel may improve our security. Prior to this change,
> swap devices were readable (even if encrypted with cgd).  With this
> sysctl set to 1, all new swap devices will be encrypted, the only
> thing to worry about is if it's set back to 0 on a compromised host.

This sounds entirely reasonable.  Would you like to draft an
implementation of that?

Presumably it would require writing a sysctl callback function for
vm.swap_encrypt, and would somehow involve kauth, but I'm not sure
offhand what needs to happen beyond that.  Perhaps vm.user_va0_disable
can be a source of inspiration.


Re: CVS commit: src

2020-05-10 Thread Martin Husemann
On Sun, May 10, 2020 at 04:18:54PM +0200, Yorick Hardy wrote:
> I think it may be better in the Makefile, since the test for amd64 already
> happens there and because the libi386 directory could conceivably
> also contain i386/non-amd64 tests.
> 
> I successfully completed a build with MKCOMPAT=no, using the patch below.
> Is it okay to commit?

Looks good to me, thanks!

Martin